feat: DoH server endpoint + DoT enabled by default #79

Merged

razvandimescu merged 5 commits from feat/cache-warming into main 2026-04-11 09:06:17 +08:00

Conversation 0 Commits 5 Files Changed 13 +298 -21

razvandimescu commented 2026-04-11 08:05:34 +08:00 (Migrated from github.com)

Copy Link

Summary

• DoH server (RFC 8484): serves POST /dns-query on the existing HTTPS proxy (port 443). POST-only (no GET — avoids query leaks in URLs/logs, zero new dependencies). Host-gated to numa.numa, returns application/dns-message with Cache-Control: max-age=<min_ttl>. Automatically enabled when proxy TLS is active — no config needed.
• DoT enabled by default: DoT listener now starts automatically with sudo numa, matching the proxy and DoH defaults. Makes numa setup-phone work out of the box without touching config.
• Zone map priority fix: moved local zone lookup before RFC 6762 .local special-use handling so explicitly configured zone records (e.g. test.local) are served instead of getting blanket NXDOMAIN.
• Health/banner: DoH advertised in startup banner and /health features list when active.

Test plan

• 4 unit tests: host matching, TTL extraction (min of multiple, empty answers), FORMERR serialization
• 4 integration tests in Suite 6: valid DoH POST resolves local zone, wrong Content-Type → 415, wrong host → 404
• Suite 4 local zones (test.local, mail.local) now pass with zone map priority fix
• Full integration suite: 68/68 green
• make all (fmt + clippy + audit + 204 unit tests) green

🤖 Generated with Claude Code

## Summary - **DoH server** (RFC 8484): serves `POST /dns-query` on the existing HTTPS proxy (port 443). POST-only (no GET — avoids query leaks in URLs/logs, zero new dependencies). Host-gated to `numa.numa`, returns `application/dns-message` with `Cache-Control: max-age=<min_ttl>`. Automatically enabled when proxy TLS is active — no config needed. - **DoT enabled by default**: DoT listener now starts automatically with `sudo numa`, matching the proxy and DoH defaults. Makes `numa setup-phone` work out of the box without touching config. - **Zone map priority fix**: moved local zone lookup before RFC 6762 `.local` special-use handling so explicitly configured zone records (e.g. `test.local`) are served instead of getting blanket NXDOMAIN. - **Health/banner**: DoH advertised in startup banner and `/health` features list when active. ## Test plan - [x] 4 unit tests: host matching, TTL extraction (min of multiple, empty answers), FORMERR serialization - [x] 4 integration tests in Suite 6: valid DoH POST resolves local zone, wrong Content-Type → 415, wrong host → 404 - [x] Suite 4 local zones (`test.local`, `mail.local`) now pass with zone map priority fix - [x] Full integration suite: 68/68 green - [x] `make all` (fmt + clippy + audit + 204 unit tests) green 🤖 Generated with [Claude Code](https://claude.com/claude-code)

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

docker

Pull requests that update docker code

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

github_actions

Pull requests that update GitHub Actions code

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

rust

Pull requests that update rust code

wontfix

This will not be worked on

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

dearsky

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/numa#79